/*     */ package com.zimbra.cs.servlet;
/*     */ 
/*     */ import com.zimbra.common.service.ServiceException;
/*     */ import com.zimbra.common.util.Log;
/*     */ import com.zimbra.common.util.ZimbraLog;
/*     */ import com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException;
/*     */ import com.zimbra.cs.service.authenticator.SSOAuthenticator;
/*     */ import com.zimbra.cs.service.authenticator.SSOAuthenticator.SSOAuthenticatorServiceException;
/*     */ import com.zimbra.cs.service.authenticator.SpnegoAuthenticator;
/*     */ import java.io.IOException;
/*     */ import java.net.URI;
/*     */ import java.net.URISyntaxException;
/*     */ import javax.servlet.Filter;
/*     */ import javax.servlet.FilterChain;
/*     */ import javax.servlet.FilterConfig;
/*     */ import javax.servlet.ServletContext;
/*     */ import javax.servlet.ServletException;
/*     */ import javax.servlet.ServletRequest;
/*     */ import javax.servlet.ServletResponse;
/*     */ import javax.servlet.http.HttpServletRequest;
/*     */ import javax.servlet.http.HttpServletResponse;
/*     */ import org.eclipse.jetty.security.SpnegoLoginService;
/*     */ import org.eclipse.jetty.server.Server;
/*     */ import org.eclipse.jetty.servlet.ServletContextHandler;
/*     */ import org.eclipse.jetty.servlet.ServletContextHandler.Context;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public class SpnegoFilter
/*     */   implements Filter
/*     */ {
/*     */   private static final String PARAM_PASS_THRU_ON_FAILURE_URI = "passThruOnFailureUri";
/*  47 */   private URI passThruOnFailureUri = null;
/*  48 */   private SpnegoLoginService spnegoUserRealm = null;
/*     */   
/*     */   public void init(FilterConfig filterConfig) throws ServletException
/*     */   {
/*  52 */     String uri = filterConfig.getInitParameter("passThruOnFailureUri");
/*  53 */     if (uri != null) {
/*     */       try {
/*  55 */         this.passThruOnFailureUri = new URI(uri);
/*     */       } catch (URISyntaxException e) {
/*  57 */         throw new ServletException("Malformed URI: " + uri, e);
/*     */       }
/*     */     }
/*     */     
/*  61 */     this.spnegoUserRealm = getSpnegoUserRealm(filterConfig);
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */   public void destroy() {}
/*     */   
/*     */ 
/*     */   public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
/*     */     throws IOException, ServletException
/*     */   {
/*  72 */     HttpServletRequest hreq = (HttpServletRequest)req;
/*  73 */     HttpServletResponse hresp = (HttpServletResponse)resp;
/*     */     try
/*     */     {
/*     */       try {
/*  77 */         authenticate(hreq, hresp);
/*     */       } catch (SSOAuthenticator.SSOAuthenticatorServiceException e) {
/*  79 */         if ("account.SENT_CHALLENGE".equals(e.getCode())) {
/*  80 */           return;
/*     */         }
/*  82 */         throw e;
/*     */       }
/*     */       
/*  85 */       chain.doFilter(req, resp);
/*     */     } catch (ServiceException e) {
/*  87 */       ZimbraServlet.addRemoteIpToLoggingContext(hreq);
/*  88 */       ZimbraServlet.addUAToLoggingContext(hreq);
/*  89 */       if ((e instanceof AccountServiceException.AuthFailedServiceException)) {
/*  90 */         AccountServiceException.AuthFailedServiceException afe = (AccountServiceException.AuthFailedServiceException)e;
/*  91 */         ZimbraLog.account.info("spnego auth failed: " + afe.getMessage() + afe.getReason(", %s"));
/*     */       } else {
/*  93 */         ZimbraLog.account.info("spnego auth failed: " + e.getMessage());
/*     */       }
/*  95 */       ZimbraLog.account.debug("spnego auth failed", e);
/*  96 */       ZimbraLog.clearContext();
/*     */       
/*  98 */       if (passThruOnAuthFailure(hreq)) {
/*  99 */         chain.doFilter(req, resp);
/*     */       } else {
/* 101 */         hresp.sendError(403, e.getMessage());
/*     */       }
/*     */     }
/*     */   }
/*     */   
/*     */   private boolean passThruOnAuthFailure(HttpServletRequest hreq)
/*     */   {
/* 108 */     if (this.passThruOnFailureUri != null) {
/*     */       try {
/* 110 */         URI reqUri = new URI(hreq.getRequestURI());
/* 111 */         return this.passThruOnFailureUri.equals(reqUri);
/*     */       }
/*     */       catch (URISyntaxException e) {}
/*     */     }
/* 115 */     return false;
/*     */   }
/*     */   
/*     */   private void authenticate(HttpServletRequest req, HttpServletResponse resp) throws ServiceException
/*     */   {
/* 120 */     if (this.spnegoUserRealm == null) {
/* 121 */       throw ServiceException.FAILURE("no spnego user realm", null);
/*     */     }
/* 123 */     SSOAuthenticator authenticator = new SpnegoAuthenticator(req, resp, this.spnegoUserRealm);
/* 124 */     authenticator.authenticate();
/*     */   }
/*     */   
/*     */   private SpnegoLoginService getSpnegoUserRealm(FilterConfig filterConfig)
/*     */   {
/* 129 */     ServletContext servletContext = filterConfig.getServletContext();
/* 130 */     if ((servletContext instanceof ServletContextHandler.Context)) {
/* 131 */       ServletContextHandler.Context sContext = (ServletContextHandler.Context)servletContext;
/*     */       
/* 133 */       ServletContextHandler contextHandler = (ServletContextHandler)sContext.getContextHandler();
/* 134 */       SpnegoLoginService realm = (SpnegoLoginService)contextHandler.getServer().getBean(SpnegoLoginService.class);
/* 135 */       if (realm != null) {
/* 136 */         ZimbraLog.account.debug("Found spnego user realm: [" + realm.getName() + "]");
/*     */       }
/* 138 */       return realm;
/*     */     }
/*     */     
/* 141 */     return null;
/*     */   }
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/cs/servlet/SpnegoFilter.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */